DCs not Replicating

I have 2 W2k3 DCs that have been working fine. Recently I replaced a DC with a new one and replication doesn't work now.

Here is what it did.

I demoted a server (SVR1) to a member and promoted the replacement server to DC (SVR2). A 3rd server (SVR3) stayed as the 2nd DC and inherited FSMO and DNS-Pri roles from SVR1 before it was demoted.

Also a fourth server (SVR4) was promoted to DC as a backup should something go wrong to SVR2 and the migrating SVRs.

So the configuration now is:

SVR1 - ex-DC, now redundant.
SVR2 - Replaces SVR1, promoted to DC, inherited DHCP from SVR1. Also DNS-Sec
SVR3 - 2nd DC that inherited FSMO and DNS-Pri roles from SVR1.
SVR4 - 3rd DC until migration process complete.

Basically, the whole process worked successfully but since the above steps have been completed, SVRs 2, 3 and 4 cannot replicate to each other (even if I force it through 'AD sites and Services'). The errors I am receiving point to a DNS lookup problem, but as far as I can tell the servers are able to resolve DNS names.

This is the error I get when attempting to replicate in 'AD sites and Services'.

'The following error occurred during the attempt to contact the domain controller <servername>.
The RPC Server is unavailable.

this condition may be caused by a DNS lookup problem. For troubleshooting......'

Help!!!


Haggis,

I will admit that I was a bit confused by the wording of your post. So please forgive me if I miss something that you stated.

When you demoted the Domain Controller was it successful? What 'functions' did that Domain Controller perform? DNS, GC, DHCP, etc? And what FSMO Roles did it have? Did you manually transfer them to another DC (it sounds like you let the dcpromo process do it and that it did transfer the roles to another Domain Controller)? Have you replaced the functions that the demoted DC performed? Do you have a DNS Server? Do you have a Global Catalog Server?

Install the Support Tools (if not already installed) and run several utilities on each Domain Controller. These utilities are:

dcdiag /v
netdiag /v
repadmin /v
netdom query fsmo

Also, check and double-check that you have at least one DNS Server and at least one Global Catalog Server.

RPC errors are *USUALLY* either DNS-related or network-related. My guess here is DNS.

And please verify what you had and what you now have as far as Domain Controllers go. I am a bit confused (but, then again, I am not that smart).

Also, when you replaced the Domain Controller - did you use the same name and IP Address on the new Domain Controller that the old Domain Controller had? If you did, did you give AD enough time to replicate the removal of the 'old' Domain Controller?

--
Cary W. Shultz
Roanoke, VA 24012


"Haggis" <Hag***@discussions.microsoft.com> wrote in message
news:E3B8B511-7CAF-477F-8CCF-82FFB9C00F1F@microsoft.com...
> I have 2 W2k3 DCs that have been working fine. Recently I replaced a DC
> with a new one and replication doesn't work now.

What about DNS? Did you change EVERY DNS client to point to the NEW DNS Server (if any) and did you make that new DNS server included the zone as a DYNAMIC Zone?

> Here is what it did.
> I demoted a server (SVR1) to a member and promoted the replacement server
> to DC (SVR2). A 3rd server (SVR3) stayed as the
> 2nd DC and inherited FSMO and DNS-Pri roles from SVR1 before it was
> demoted.

There is no "inheritance" for DNS SERVERS -- you must do that manually.

> Also a fourth server (SVR4) was promoted to DC as a backup should
> something go wrong to SVR2 and the migrating SVRs.

Probably all of these should be DNS servers. Certainly they all must have their NIC->IP properties set to point STRICTLY at the INTERNAL DNS server (set).

> So the configuration now is:
> SVR1 - ex-DC, now redundant.
> SVR2 - Replaces SVR1, promoted to DC, inherited DHCP from SVR1. Also
> DNS-Sec
> SVR3 - 2nd DC that inherited FSMO and DNS-Pri roles from SVR1.
> SVR4 - 3rd DC until migration process complete.
>
> Basically, the whole process worked successfully but since the above steps
> have been completed, SVRs 2, 3 and 4 cannot
> replicate to each other (even if I force it through 'AD sites and
> Services').

It's almost always a DNS error. Since you (seem to) have the DNS servers available, chances are that the DCs have the old DNS server still set on their NIC->IP properties.

> The errors I am receiving point to a DNS lookup
> problem, but as far as I can tell the servers are able to resolve DNS names.

And register themselves....

> This is the error I get when attempting to replicate in 'AD sites and
> Services'.
>
> 'The following error occurred during the attempt to contact the domain
> controller <servername>.
> The RPC Server is unavailable.
>
> this condition may be caused by a DNS lookup problem. For
> troubleshooting......'

Here are the general guidelines on DNS for AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Thanks for both of your thorough responses. I found the problem. The DNS Alias that you see in the NTDS properties page in AD Sites and Services was wrong compared to the entries I see in the _msdcs subfolder in our DNS zone. Once I corrected these entries replication was successful.

I still have a minor and very strange problem. The few Win98 clients still on our network cannot connect to one of the Domain controllers (SVR2). They can connect to all other servers including the 2nd DC (SVR3). Also my XP pro laptop that I was using to work on the servers on the day of the DNS problems also cannot access this one server by only server name, i.e. it can access all other servers by any method, but it can only access SVR2 network resources using IP or servername.domainname.com, not by just servername. I have tried all kinds of things like DNS flushing, re-registering, netdiag fix etc. I also ghosted an old image back to the laptop and it still can't access the one server. In the end I entered the server name into the Hosts file and it works so it is quite strange. Not sure how to resolve. The hosts file works for the XP machine (although) I would like to fix it completely. But the Win98 clients don't at all even with Hosts file entries.

Very Strange

Any fault isolation methods to advise?
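
The two checks discussed above, as an added example that is not part of any post in this thread: scanning saved dcdiag output for FAIL, ERROR and WARN, and comparing each DC's NTDS Settings DNS alias with the CNAME records in the _msdcs zone. The sample output, the GUIDs, the example.local domain and the function names are constructed for this example.

```python
import re

# Constructed sample shaped like `dcdiag /v` output saved to a text file.
# Server names follow the thread; GUIDs and example.local are made up.
DCDIAG_SAMPLE = """\
Testing server: Default-First-Site-Name\\SVR2
   Starting test: Connectivity
      The host aaaaaaaa-0000-0000-0000-000000000002._msdcs.example.local could not be resolved to an IP address.
      ......................... SVR2 failed test Connectivity
Testing server: Default-First-Site-Name\\SVR3
   Starting test: Connectivity
      ......................... SVR3 passed test Connectivity
   Starting test: Replications
      [Replications Check,SVR3] A recent replication attempt failed:
         The RPC server is unavailable.
      ......................... SVR3 failed test Replications
"""

# Constructed: DNS alias shown on each DC's NTDS Settings properties page.
NTDS_ALIAS = {
    "SVR2": "aaaaaaaa-0000-0000-0000-000000000002._msdcs.example.local",
    "SVR3": "aaaaaaaa-0000-0000-0000-000000000003._msdcs.example.local",
    "SVR4": "aaaaaaaa-0000-0000-0000-000000000004._msdcs.example.local",
}
# Constructed: CNAME records as listed in the _msdcs zone (owner -> target).
ZONE_CNAMES = {
    "aaaaaaaa-0000-0000-0000-000000000001._msdcs.example.local.": "svr1.example.local.",
    "aaaaaaaa-0000-0000-0000-000000000003._msdcs.example.local.": "svr3.example.local.",
    "aaaaaaaa-0000-0000-0000-000000000004._msdcs.example.local.": "svr3.example.local.",
}
DC_FQDN = {"SVR2": "svr2.example.local", "SVR3": "svr3.example.local",
           "SVR4": "svr4.example.local"}

RESULT_LINE = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
KEYWORDS = re.compile(r"fail|error|warn", re.IGNORECASE)


def scan_dcdiag(text):
    """Return (failed, hits): failed lists (server, test) pairs from the
    per-test result lines; hits lists (line_no, line) for every line that
    mentions FAIL, ERROR or WARN in any letter case."""
    failed, hits = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = RESULT_LINE.search(line)
        if match and match.group(2) == "failed":
            failed.append((match.group(1), match.group(3)))
        if KEYWORDS.search(line):
            hits.append((line_no, line.strip()))
    return failed, hits


def norm(name):
    """DNS names compare case-insensitively, with or without the root dot."""
    return name.rstrip(".").lower()


def check_dsa_aliases(ntds_alias, zone_cnames, dc_fqdn):
    """Compare each DC's alias with the _msdcs CNAMEs.
    Returns (subject, kind, detail) tuples, kind being one of
    'missing', 'wrong-target' or 'stale'. An empty list means they agree."""
    zone = {norm(owner): norm(target) for owner, target in zone_cnames.items()}
    findings = []
    for dc, alias in sorted(ntds_alias.items()):
        target = zone.get(norm(alias))
        if target is None:
            # Replication partners look this name up; no record, no RPC bind.
            findings.append((dc, "missing", norm(alias)))
        elif target != norm(dc_fqdn[dc]):
            findings.append((dc, "wrong-target", target))
    known = {norm(alias) for alias in ntds_alias.values()}
    for owner in sorted(set(zone) - known):
        # A CNAME no current DC claims, e.g. left behind by a demoted DC.
        findings.append((zone[owner], "stale", owner))
    return findings


if __name__ == "__main__":
    failed, hits = scan_dcdiag(DCDIAG_SAMPLE)
    for server, test in failed:
        print("FAILED", server, test)
    for line_no, line in hits:
        print("line %d: %s" % (line_no, line))
    for finding in check_dsa_aliases(NTDS_ALIAS, ZONE_CNAMES, DC_FQDN):
        print(finding)
```

The check reports a disagreement without deciding which side is right; which record to correct is a judgement made against the DCs that actually exist.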


"Haggis" <Hag***@discussions.microsoft.com> wrote in message
news:FFD779D3-C2F8-4CCA-BDE2-616D54D474BD@microsoft.com...
> Thanks for both of your thorough responses. I found the problem. The DNS
> Alias that you see in the NTDS properties page in AD Sites and Services
> was wrong compared to the entries I see in the _msdcs subfolder in our DNS
> zone.
> Once I corrected these entries replication was successful.
>
> I still have a minor and very strange problem. The few Win98 clients still
> on our network cannot connect to one of the Domain controllers (SVR2).
> They can connect to all other servers including the 2nd DC (SVR3). Also my
> XP pro laptop that I was using to work on the servers on the day of the DNS
> problems also cannot access this one server by only server name, i.e. it
> can access all other servers by any method, but it can only access SVR2
> network resources using IP or servername.domainname.com, not by just
> servername. I have tried all kinds of things like DNS flushing,
> re-registering, netdiag fix etc. I also ghosted an old image back to the
> laptop and it still can't access the one server. In the end I entered the
> server name into the Hosts file and it works so it is quite strange. Not
> sure how to resolve. The hosts file works for the XP machine (although) I
> would like to fix it completely. But the Win98 clients don't at all even
> with Hosts file entries.

Chances are it is a NetBIOS, or more specifically a WINS problem.

If that DC is not running NetBIOS, or you are using WINS Server but that DC is NOT a "WINS CLIENT" then either of these would account for a problem with it being located by Win98 machines.

You need NetBIOS to support legacy clients (and in most all real world cases anyway). If you need NetBIOS and have more than one SUBNET, then you have a practical need for WINS Server.

If you use WINS Server, EVERY MACHINE (and most especially DCs AND other servers which often get overlooked) must be WINS Clients.

Oh, and if you have more than one WINS Server they must generally be set to "fully replicate" so that you have a single (consistent and complete) WINS database across all servers (even across all domains.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Of course. I forgot to check that Netbios over TCP was disabled. Once I changed this it was ok. It also enabled my one XP workstation to see this server as well. Which still is a bit of a curiosity, it's almost as if this XP workstation is using WINS

Anyway, it is sorted. Thanks heaps :)


"Haggis" <Hag***@discussions.microsoft.com> wrote in message
news:769910BB-1B4A-4F02-BFD6-C3ED42071EB9@microsoft.com...
> Of course. I forgot to check that Netbios over TCP was disabled. Once I
> changed this it was ok. It also enabled my one XP workstation to see this
> server as well. Which still is a bit of a curiosity, it's almost as if this
> XP workstation is using WINS
>
> Anyway, it is sorted. Thanks heaps :)

WINS is JUST a method of resolving NetBIOS. Its main purpose is to allow dynamic registration and therefore resolution ACROSS SUBNETS.

For a single subnet, broadcasts will work. This is the reason you sometimes see partial success with NetBIOS (broadcasts work, WINS doesn't).

All machines NEED to be WINS Clients if you use WINS Server however; since this is what also tells them to register themselves it is critical even for "servers" to be WINS clients.